Quick Reference Guide

ACL Commands
DELL CONFIDENTIAL – PRELIMINARY 5/15/12 – FOR PROOF ONLY
igmp-type — Specifies IGMP packets filtered by IGMP message type. Enter a number or one of the following values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0 - 255)
destination-port — Specifies the UDP/TCP destination port. (Range: 1 - 65535)
destination-port-wildcard — Specifies wildcard bits to be applied to the destination port by placing 1s in bit positions to be ignored.
source-port — Specifies the UDP/TCP source port. (Range: 1 - 65535)
source-port-wildcard — Specifies wildcard bits to be applied to the source port by placing 1s in bit positions to be ignored.
flags list-of-flags — Specifies the list of TCP flags. If a flag is set, it is prefixed by "+". If a flag is not set, it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.
Default Configuration
No IPv4 ACL is defined.
Command Mode
IP-Access List Configuration mode.
User Guidelines
• Use the ip access-list Global Configuration mode command to enable the IP-Access List Configuration mode.
Before an Access Control Element (ACE) is added to an ACL, all packets are permitted. After an ACE is added, an implied deny-any-any condition exists at the end of the list and those packets that do not match the conditions defined in the permit statement are denied.
Example
The following example shows how to define a permit statement for an IP ACL.
Console(config)# ip access-list ip-acl1
Console(config-ip-al)# permit rsvp 192.1.1.1 0.0.0.0 any dscp 56
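The following Python model is an added example, not part of the Dell guide and not switch code. It shows how the wildcard bits, the concatenated flag list and the implied deny-any-any described above combine when a packet is checked against an ACL. The dictionary field names, the sample ACL and the first-match evaluation order are assumptions made for illustration.

```python
import ipaddress
import re

# TCP header flag bits, low bit first.
TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
                 "psh": 0x08, "ack": 0x10, "urg": 0x20}

def ip(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(value, pattern, wildcard):
    """Compare only the bit positions where the wildcard has a 0 (1s are ignored)."""
    return ((value ^ pattern) & ~wildcard) == 0

def parse_flags(spec):
    """Turn a concatenated list such as '+fin-ack' into (must_set, must_clear) masks."""
    tokens = re.findall(r"([+-])(urg|ack|psh|rst|syn|fin)", spec)
    if "".join(sign + name for sign, name in tokens) != spec:
        raise ValueError(f"malformed flag list: {spec!r}")
    must_set = must_clear = 0
    for sign, name in tokens:
        if sign == "+":
            must_set |= TCP_FLAG_BITS[name]
        else:
            must_clear |= TCP_FLAG_BITS[name]
    return must_set, must_clear

def ace_matches(ace, pkt):
    must_set, must_clear = parse_flags(ace["flags"])
    return (wildcard_match(ip(pkt["src"]), ip(ace["src"]), ip(ace["src_wc"]))
            and wildcard_match(pkt["dport"], ace["dport"], ace["dport_wc"])
            and (pkt["flags"] & must_set) == must_set
            and (pkt["flags"] & must_clear) == 0)

def evaluate(acl, pkt):
    """Model assumption: ACEs are tried in order and the first match decides."""
    if not acl:
        return "permit"   # no ACE yet: all packets are permitted
    for ace in acl:
        if ace_matches(ace, pkt):
            return ace["action"]
    return "deny"         # implied deny-any-any at the end of the list

# Constructed sample ACL (hypothetical field names): one permit ACE for new
# connections from host 192.1.1.1 to destination ports 8080-8095.
ACL = [{"action": "permit", "src": "192.1.1.1", "src_wc": "0.0.0.0",
        "dport": 8080, "dport_wc": 0x000F, "flags": "+syn-ack"}]
```

With this single permit ACE in place, a SYN-ACK from the same host or a SYN from any other host falls through to the implied deny, which is the behaviour to verify before applying a new ACL to a production interface.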